infrastructure/config/services/xmpp.nix
kat witch 2a5ec2e0b4
Refactors for usability
Using ./home.nix and ./nixos.nix as entrypoints for hosts.
Using hardware profiles.
Using new entrypoints (profiles/base/profiles.nix + profiles/base/home.nix).
New modules (for DNS handling, for themeing, ...).
Split up deploy-tf.nix into several modules.
Renamed common profile to base profile.
2021-08-05 03:21:21 +01:00


{ config, pkgs, lib, ... }:
with lib;
{
# Public TCP ports for the XMPP stack. 5222/5223/5269 match the SRV records
# declared further down; 5281 is Prosody's HTTPS port (serving the uploadHttp
# component); 5000 and 5347 correspond to Prosody's default proxy65 and
# component ports -- the component listener is normally meant for local
# components only, so confirm it really needs a public rule.
# NOTE(review): 580 looks like a typo for 5280 (Prosody's plain-HTTP port)
# and 5582 matches nothing else in this file -- verify both before relying on
# this rule; each extra open port widens the exposed surface.
kw.fw.public.tcp.ports = [
  5000
  5222
  5223
  5269
  580
  5281
  5347
  5582
];
# Database and role for Prosody's SQL storage backend (configured in
# services.prosody.extraConfig below). The role gets full rights on its own
# database only.
services.postgresql = {
  ensureDatabases = singleton "prosody";
  ensureUsers = singleton {
    name = "prosody";
    ensurePermissions = { "DATABASE prosody" = "ALL PRIVILEGES"; };
  };
};
services.prosody =
  let
    domain = config.kw.dns.domain;
    # Issued by security.acme.certs.prosody below; that entry puts the files
    # under group "prosody" so the daemon can read the key.
    certFile = "/var/lib/acme/prosody/fullchain.pem";
    keyFile = "/var/lib/acme/prosody/key.pem";
  in {
    enable = true;
    ssl = { cert = certFile; key = keyFile; };
    admins = [ "kat@kittywit.ch" ];
    # Stock Prosody plus the PostgreSQL DBI driver required by storage = "sql".
    package = pkgs.prosody.override (old: {
      withExtraLibs = old.withExtraLibs ++ [ pkgs.luaPackages.luadbi-postgresql ];
    });
    # Raw prosody.cfg.lua additions: direct-TLS client port and SQL storage.
    # No password is given and host is empty, so the connection presumably
    # goes over the local socket with peer authentication -- confirm against
    # the PostgreSQL authentication settings.
    extraConfig = ''
      legacy_ssl_ports = { 5223 }
      storage = "sql"
      sql = {
      driver = "PostgreSQL";
      host = "";
      database = "prosody";
      username = "prosody";
      }
    '';
    # The attribute name is only a label; the served XMPP domain is the bare
    # `domain` value (presumably what the module writes into the VirtualHost
    # line), which is why the certificate below also covers the bare domain.
    virtualHosts."xmpp.${domain}" = {
      inherit domain;
      enabled = true;
      ssl = { cert = certFile; key = keyFile; };
    };
    muc = singleton { domain = "conference.${domain}"; };
    uploadHttp.domain = "upload.${domain}";
  };
# One certificate covering the XMPP host, the bare domain and the MUC/upload
# subdomains, obtained via DNS-01 (rfc2136) so no HTTP listener is needed for
# validation. The update credentials come from the secrets module, not from
# this file.
security.acme.certs.prosody =
  let base = config.kw.dns.domain; in {
    domain = "xmpp.${base}";
    # Prosody, and nginx (added to this group at the end of the file), read
    # the key through this group.
    group = "prosody";
    dnsProvider = "rfc2136";
    credentialsFile = config.secrets.files.dns_creds.path;
    # Restart so the daemon picks up a renewed certificate.
    postRun = "systemctl restart prosody";
    extraDomainNames = [
      base
      "upload.${base}"
      "conference.${base}"
    ];
  };
# Terraform-managed DNS for the XMPP stack: A/AAAA for the host, CNAMEs for
# the MUC and upload components, and SRV records advertising the client
# (5222), direct-TLS client (5223) and server-to-server (5269) ports.
# NOTE(review): these records are keyed on kw.dns.tld while the Prosody
# virtual hosts use kw.dns.domain; the SRV targets only match the served
# domain if both name the same zone -- confirm.
deploy.tf.dns.records =
  let
    tld = config.kw.dns.tld;
    host = "xmpp.${tld}";
    # All SRV records share proto/priority/weight and point at the XMPP host.
    mkSrv = domain: service: port: {
      inherit tld domain;
      srv = {
        inherit service port;
        proto = "tcp";
        priority = 0;
        weight = 5;
        target = host;
      };
    };
    mkCname = domain: { inherit tld domain; cname.target = host; };
  in {
    services_prosody_xmpp = { inherit tld; domain = "xmpp"; a.address = config.kw.dns.ipv4; };
    services_prosody_xmpp_v6 = { inherit tld; domain = "xmpp"; aaaa.address = config.kw.dns.ipv6; };
    services_prosody_upload = mkCname "upload";
    services_prosody_conference = mkCname "conference";
    # Server-to-server SRV for the MUC component, so other servers can reach
    # the conference domain directly.
    services_prosody_muc = mkSrv "conference" "xmpp-server" 5269;
    services_prosody_client_srv = mkSrv "@" "xmpp-client" 5222;
    services_prosody_secure_client_srv = mkSrv "@" "xmpps-client" 5223;
    services_prosody_server_srv = mkSrv "@" "xmpp-server" 5269;
  };
# TLS front for the upload and MUC hostnames, reusing the Prosody certificate.
# NOTE(review): no locations are declared here, so any proxying of these
# hosts to Prosody's HTTP port must be defined elsewhere -- confirm, otherwise
# upload.<domain> serves nothing over HTTPS.
services.nginx.virtualHosts =
  let domain = config.kw.dns.domain; in
  genAttrs [ "upload.${domain}" "conference.${domain}" ] (_: {
    useACMEHost = "prosody";
    forceSSL = true;
  });
# nginx serves the upload/conference hosts with the Prosody certificate
# (useACMEHost above); the certificate's files belong to group "prosody", so
# this membership is what lets nginx read the private key.
users.users.nginx.extraGroups = singleton "prosody";
}